'Operation Endgame' Hits Malware Delivery Platforms(krebsonsecurity.com)
krebsonsecurity.com
'Operation Endgame' Hits Malware Delivery Platforms
https://krebsonsecurity.com/2024/05/operation-endgame-hits-malware-delivery-platforms/
84 comments
Based on what I have observed of l33t haxxors it is likely to send them into fits of apoplectic, impotent, rage.
People in that state tend to make mistakes more often.
People in that state tend to make mistakes more often.
Yeah, I think that’s the goal - ratchet up the psychological pressure and see if anyone makes a mistake.
By way of the example about the LockBit leader: you’re that guy and the feds put up a site saying they know who you are and in 2 days they’re announcing your identity to the public - what do you do? You’re an associate of that guy - what do you do?
The feds are basically whacking the side of the box to see what happens - when the status quo isn’t working, inject some chaos and see what you get.
By way of the example about the LockBit leader: you’re that guy and the feds put up a site saying they know who you are and in 2 days they’re announcing your identity to the public - what do you do? You’re an associate of that guy - what do you do?
The feds are basically whacking the side of the box to see what happens - when the status quo isn’t working, inject some chaos and see what you get.
> Is the "Think about your next move" messaging that intimidating to hackers, especially those living in non-US-aligned countries?
Don't know in practice for everyone, but people still like to travel. And the US doesn't forget. Do you remember Marcus Hutchins coming for the conference?
Once the details are out, they can potentially grab you through other friendly countries too.
Don't know in practice for everyone, but people still like to travel. And the US doesn't forget. Do you remember Marcus Hutchins coming for the conference?
Once the details are out, they can potentially grab you through other friendly countries too.
I just imagine the mentality (and skills) of a cyber security expert who decides to work within the German bureaucracy, it explains a lot
An NSA or DOD guy doing digital forensics and cybercrime type stuff came to one of my college classes to teach a lesson or two. He mentioned that he would love if we came to work with him, but also people he talks to at colleges almost never do because even median pay at a generic private sector corp is better than the government wages for that work. So yes, people working in the majority of cybercrime shops are people who either couldn't hack it at a generic boring C# corpo job, or are specifically more interested in being a white hat than getting paid lots of crinkled, sweat-dampened VC money.
Eh. It is more complicated than that. I started out in DIA and a lot of government employees in the "hacker space" are indeed underpaid compared to their civilian counterparts. The way the sausage is really made though is through contracting, and these folks are paid. Bottom line is that if you want to do cyberspace stuff for uncle sam and want to be paid the you shouldn't be going to any careers/*.gov website. Look instead for generic "Network Operations Engineer" type postings that are in Herndon, Bethesda, Baltimore, Annapolis Junction, Fort Meade, and so on.
There are some perks to being a government employee, but you end up in the government framework for pay and what not, which sucks. if I recall correctly the folks at CIA (AFD I believe???) had some sort of system set up where they hired government employees as a POCO billet or something so they could bring talent in at a reasonable pay scale, and then they'd do some political maneuvering to rotate people around so everyone was getting paid. DIA was a charlie foxtrot in that arena and probably still is, so I'd avoid them. The FBI has a pretty good team in quantico, though I'm guessing again that most of the are really just Booz employees.
There are some perks to being a government employee, but you end up in the government framework for pay and what not, which sucks. if I recall correctly the folks at CIA (AFD I believe???) had some sort of system set up where they hired government employees as a POCO billet or something so they could bring talent in at a reasonable pay scale, and then they'd do some political maneuvering to rotate people around so everyone was getting paid. DIA was a charlie foxtrot in that arena and probably still is, so I'd avoid them. The FBI has a pretty good team in quantico, though I'm guessing again that most of the are really just Booz employees.
It's not even just the money, I had a brief experience working within german bureaucracy and i couldn't imagine a more soul sucking, conservative and uninspiring environment. You definitely have to be a certain type of person for that environment, the unpleasant type imho.
I know a few. My observation ist there are basically two types: Market rejects and fanatics who work for the government out of an antiquated sense of duty.
The latter tend to be quite good.
The latter tend to be quite good.
What about that sense of duty is antiquated?
It's antiquated because you would be romanticizing over an organization that has lost its integrity long ago
No. At least here courts and police are still respected for their integrity, but the government does not reciprocate loyality anymore.
It used to be that duty went both ways, this is not in fashion anymore.
It used to be that duty went both ways, this is not in fashion anymore.
Not really. It's more about understanding that having competent people in the system tends to benefit the community at large, and be willing to endure the (many) downsides.
And yeah, it doesn't work for everyone, and some people genuinely interested in doing the good thing can turn sour after a while. But I rarely see people romanticizing the work conditions or the system they are in.
Also having people willing to trade a pay cut for a way to "make good things" leads to people using their agency in surprising ways, sometimes fucked up.
> an organization that has lost its integrity long ago
That's every org. The relevant part isn't org structure or integrity but whether the org has an impact on stuff that actually matters. Not everyone is interested in optimizing the click rate of ads.
And yeah, it doesn't work for everyone, and some people genuinely interested in doing the good thing can turn sour after a while. But I rarely see people romanticizing the work conditions or the system they are in.
Also having people willing to trade a pay cut for a way to "make good things" leads to people using their agency in surprising ways, sometimes fucked up.
> an organization that has lost its integrity long ago
That's every org. The relevant part isn't org structure or integrity but whether the org has an impact on stuff that actually matters. Not everyone is interested in optimizing the click rate of ads.
> Not everyone is interested in optimizing the click rate of ads.
that's basically it in a nutshell. the corpo world is all about enshittification, and aren't making things better.
it's debatable if the DIA is, either, but there is at least something to stand for other than greed, or some thought terminating cliché about how the "invisible hand" will somehow fix things.
that's basically it in a nutshell. the corpo world is all about enshittification, and aren't making things better.
it's debatable if the DIA is, either, but there is at least something to stand for other than greed, or some thought terminating cliché about how the "invisible hand" will somehow fix things.
Greed is more in style these days
If you become a German civil servant the hours are lovely, the pension is super and the pressure negligible. You need something, you ask your boss, then wait and twiddle your thumbs and watch YouTube videos until it goes up the chain and at some point comes back down. It’s like an oil tanker. Great in a straight line, but damn hard to change course.
It might make one or more of them change their behavior.
> included a countdown timer that was eventually replaced with the personal details of LockBit’s alleged leader
Assuming these folks are somewhere lawless, I assume this is meant to let third parties take matters into their own hands?
Assuming these folks are somewhere lawless, I assume this is meant to let third parties take matters into their own hands?
If folks are interested in this kind of story (law enforcement vs cybercriminals), one of the best examples is the book Crack99:
https://icdt.osu.edu/crack99-takedown-100-million-chinese-so...
https://www.amazon.com/CRACK99-Takedown-Million-Chinese-Soft...
https://icdt.osu.edu/crack99-takedown-100-million-chinese-so...
https://www.amazon.com/CRACK99-Takedown-Million-Chinese-Soft...
sounds kinda like The Cuckoo's Egg, circa 2017.
got my attention though, will check it out
got my attention though, will check it out
I didn't get why all wanted hackers have german flag under their names if all of them are coming from Ukraine. Are they germans or wanted in Germany?
4 people and 100 servers? that's all? that's a drop in a bucket, won't event make a dent in the black market of ransomware.
Forget numbers, think Marvel's Endgame, envision cop superheroes from all over the world converging on the supervillain to enact justice and save civilization!
I swear law enforcement and the military choose the cringest name codes, not much better than names kids would pick.
I swear law enforcement and the military choose the cringest name codes, not much better than names kids would pick.
> I swear law enforcement and the military choose the cringest name codes, not much better than names kids would pick.
I have it on good authority that the people in law enforcement and the military — and indeed all humans in general — were in fact kids at one point. Maybe we all just like cool sounding codenames, even if some keyboard jockeys on a forum will call it “cringe”.
I have it on good authority that the people in law enforcement and the military — and indeed all humans in general — were in fact kids at one point. Maybe we all just like cool sounding codenames, even if some keyboard jockeys on a forum will call it “cringe”.
I was a cringy kid too, but now I'm an adult that wouldn't call an official war strike "Operation Beastmaster" (real name from the Iraq invasion). Christ, how many years before we see names like "Operation CyBoRgDiNoSaUr"?
> but now I'm an adult that wouldn't call an official war strike "Operation Beastmaster" (real name from the Iraq invasion).
Why? That name’s dope. If you can’t give cool names to military operations of all things, then you can’t give cool names to anything. And as someone else pointed out, the US military does have a framework for how they name operations.
They at least avoid sounding like our names in the software industry: https://youtu.be/y8OnoxKotPQ
:P
Why? That name’s dope. If you can’t give cool names to military operations of all things, then you can’t give cool names to anything. And as someone else pointed out, the US military does have a framework for how they name operations.
They at least avoid sounding like our names in the software industry: https://youtu.be/y8OnoxKotPQ
:P
"Endgame" was a word with an established meaning before Disney stuck it in the title of a superhero movie in 2019.
The patch for "Operation Endgame" (in the screen cap at the top of the article) even shows chess pieces, not superheroes.
The patch for "Operation Endgame" (in the screen cap at the top of the article) even shows chess pieces, not superheroes.
They may seem cringe but, at least the military names, are usually part of an underlying lexicon that outsiders don't understand. Some are inside jokes, others are cover for classified names.
You'd think we as software developers would have more humility when judging how other people name things.
Yeah, really. Naming things is one of the n+1 Hard Problems of Computing.
It's standard law enforcement PR. People who are serious about cybersecurity topics might shake their heads a little at the self-aggrandizing naming and Matrix "hacker" backgrounds, but they aren't the target audience. The target audience is for the mass public, to glamorize the police as the Good Guys who are going after the Bad Guys.
[deleted]
Government types do everything by committee and meeting, all responsibility for decisions is shared, everyone must agree.
Thus nothing risky, edgy or creative makes it out of such meetings.
Thus nothing risky, edgy or creative makes it out of such meetings.
lol what? have you seen what comes out of the corporate world lately?
> Droppers remain such a critical, human-intensive component of nearly all major cybercrime enterprises that the most popular have turned into full-fledged cybercrime services of their own. By targeting the individuals who develop and maintain dropper services and their supporting infrastructure, authorities are hoping to disrupt multiple cybercriminal operations simultaneously.
I presume the counterargument is that it's like someone took down Gmail or some other centralized service or something. Maybe the disrupted centralization will send a lot of operations scrambling, even if it was only a few hundred servers that were doing all the work.
I presume the counterargument is that it's like someone took down Gmail or some other centralized service or something. Maybe the disrupted centralization will send a lot of operations scrambling, even if it was only a few hundred servers that were doing all the work.
or to get criminals to swap to a bugged service. This happened before with a darknet market.
If entrapment is unprotected in a relevant jurisdiction, seized domains/servers could be used to disrupt or even unmask actors. Release a new dropper and make the payload build tool malware itself. Now these actors can't trust what they get from each other, even if they trust the person who is supposed to be in control of the service.
That would be a radical departure from the status quo of boasting loudly and plastering seizure pages up everywhere, and the suggestion here is that they are trying different things.
That would be a radical departure from the status quo of boasting loudly and plastering seizure pages up everywhere, and the suggestion here is that they are trying different things.
If a law enforcement official sets up a website offering to sell you an illegal product or service and you buy it, that's not entrapment. It's only entrapment if the police cause you to commit a crime you would not have committed otherwise.
https://lawcomic.net/guide/?p=633
https://lawcomic.net/guide/?p=633
That's not entrapment.
I think the article said another 8 are being placed on a most wanted list or are being pursued. So maybe 3 drops in the bucket?
Assuming those are all master-control servers, how many would it take to make a significant difference?
They're still monitoring and investigating transactions, so it seems likely the numbers will grow.
Assuming those are all master-control servers, how many would it take to make a significant difference?
They're still monitoring and investigating transactions, so it seems likely the numbers will grow.
when you make the rules you get decide what counts as a win.
Ever seen those "million dollar drug busts" that have a small pile of drugs on the table?
Ever seen those "million dollar drug busts" that have a small pile of drugs on the table?
>In addition, Europol released information on eight fugitives suspected of involvement in dropper services and who are wanted by Germany
4 people in the initial arrests. They already have arrest warrants for at least another 8.
It seems they have arrested someone who provided a lot of infrastructure so it wouldn't surprise me if they were able to roll that into more arrests in the near future.
>“It has been discovered through the investigations so far that one of the main suspects has earned at least EUR 69 million in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware,”
4 people in the initial arrests. They already have arrest warrants for at least another 8.
It seems they have arrested someone who provided a lot of infrastructure so it wouldn't surprise me if they were able to roll that into more arrests in the near future.
>“It has been discovered through the investigations so far that one of the main suspects has earned at least EUR 69 million in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware,”
I was about to check Spamhaus's ROKSO list, as I recall it listed about 30 people on it who were/are collectively responsible for almost all email spam (but it's down https://www.spamhaus.org/faqs/rokso/). If malware is anything like that, the number of actors may be quite small.
Looks like some web designers in law enforcement are having some fun making fun of the cybercreeps.
[deleted]
mmsc(1)
duxup(1)
warkdarrior(3)
Is the "Think about your next move" messaging that intimidating to hackers, especially those living in non-US-aligned countries?
I suspect this flood of weirdly cyberpunk imagery (seriously, mugshots with a Matrix background?) is more of an artistic choice to flatter the egos of the task force's agents than a strategic move. White hat hackers probably like pretending they're in a spy movie as much as black hats do.